Nick Lowe, regional director, Northern Europe at Check Point shows why conventional enterprise security defenses cannot cope with the latest generation of cyber-attacks, and how those defenses must evolve.
Over the past 30 years, both cyber-attacks and security protections have rapidly evolved. Looking back, it’s easy to identify successive generations of attacks and security solutions: it’s also possible to see the point at which the pace of attack evolution started to exceed the levels of security that most businesses have deployed. Attacks targeting enterprises today are the most advanced and destructive ever seen – yet the security deployed by most businesses is generationally outdated and incapable of protecting against them.
There are several reasons why attacks are outpacing the security necessary to prevent them. The most obvious is that attackers have absolutely zero constraints in developing new and advanced techniques. In contrast, businesses have change control procedures, budgetary, compliance and other operational constraints … which all restrain security advances.
Another restriction is the traditional check-box method of building security infrastructures, in which a specific security technology is deployed to defend against a specific type of attack, or to protect a specific service. This point solution approach was effective in dealing with earlier generations of attacks. However, today’s attacks are multi-dimensional, multi-stage, multi-vector and polymorphic, with the ability to exploit the gaps left by piecemeal security deployments.
The stark reality is that despite their best efforts, most business security defenses are generationally behind the level of attacks they are facing, and we must close that security generation gap. Properly protecting a business’s IT operations today requires a new, holistic approach to security: an integrated, unified infrastructure that prevents attacks in real time.
First, let’s examine how the generations of cyber-attacks – and the corresponding security defenses – have evolved:
Generations of attacks and security
As networking developed through the 1970s and 80s, leading to the growth of the Internet in the 90s, this connectivity created vast opportunities for enterprises, governments and malicious actors alike. In hindsight, it’s possible to clearly see the generational advances in attacks and the corresponding protections, with each generation becoming more sophisticated than its predecessor.
First-generation (Gen I) attacks
Gen I attacks began in the 1980s, with the mass availability and use of personal computers. Viruses, malicious software programs that replicate themselves on computers soon emerged, such as 1986’s Brain virus. These affected all businesses and users of PCs, and their impact was disruptive enough to drive the development of commercial anti-virus software.
Second-generation (Gen II) attacks
Gen II attacks emerged in the 1990s with the advent of networking and the Internet. This explosion in connectivity opened the gates for malicious software and intrusion attempts like the 1994 theft of over $10M from Citibank, leading to the development of the network firewall.
The combination of firewall and anti-virus products became essential to protect businesses as increasing numbers began to connect internal networks to the World Wide Web; these products formed the foundation of enterprise security infrastructures. They also started the point solution security model of selecting and deploying ad-hoc products to protect against threats.
Third-generation (Gen III) attacks
Gen III emerged in the early 2000s as attackers learned to leverage vulnerabilities in all components of IT infrastructure. Vulnerabilities were plentiful: in operating systems, hardware and applications. Examples of attacks include the SQLSlammer worm, which attacked vulnerabilities in Microsoft SQL Server and MSDE and became the fastest spreading worm of all time.
This era also saw an explosion of technologies and services, that in-turn lead to an explosion of start-up security vendors and products. As a result, the point solution model for security became cumbersome and hard to manage: each new security product had its own user interface and management console, which added to IT and security teams’ workloads, increased security system complexity and ultimately wide-scale inefficiencies. More importantly, the protection delivered by enterprise security infrastructures began to fall behind the speed and sophistication of the attacks.
Fourth-generation (Gen IV) attacks
Gen IV emerged in approximately 2010 as attackers reached new levels of sophistication and their methods became professional. These attacks made headlines in mainstream media simply because of the large-scale impact on the public, as well as impacting board rooms and causing government investigations. Examples include the massive breach at US retailer Target which compromised 40 million customer credit cards and the private information of up to 110 million.
While Internet security of Gen II and Gen III provided access control and inspected all traffic, it lacked the ability to validate the actual content received in email, via file downloads and more. Malware was hidden in everything from resumes to picture files. A user only needed to inadvertently open an email attachment, download a file from the Internet or plug a USB into their laptop, and the attack was silently launched.
This generation also clearly marked the point where detection-based security was no longer enough: such products only detect attacks based on identifiable signatures that are created AFTER an attack is discovered, analyzed and communicated widely. The window of exposure could last days or months until an update became available. As new and more sophisticated malware (with no signatures for detection) advanced beyond the signature-based security of the day, new technologies such as sandboxing were developed to defend against zero-day attacks. This added yet more point solutions to enterprise environments, further complicating their security infrastructures.
Fifth-generation (Gen V) attacks
Gen V attacks emerged with force in approximately 2017 as sophisticated, advanced hacking tools – some state developed and then leaked to the dark web - drove large scale, multi-vector, mega attacks that generated revenues and disruption for criminals and caused major, large-scale financial and brand reputation losses. This led to custom, sophisticated malware that can infiltrate and proliferate to and from virtually any vector of IT infrastructure including networks, cloud instances, remote offices, mobile devices, third parties and more. Examples include the WannaCry attack which affected 300,000 computers across 150 countries, and NotPetya, which caused losses of $300 million for a number of affected businesses.
These Gen V attacks move with unprecedented speed, causing huge disruption and damage. The threats easily overwhelm earlier generations of non-integrated, detect-only technologies. To defend against these attacks, we need a brand-new model for assessing and building security infrastructures: a fifth generation of IT security that is integrated, unified and shares threat intelligence in real time for immediate, inline prevention of the first occurrence of an attack.
How many generations behind are we?
To establish the extent of the generation gap between threats and security, we recently surveyed nearly 450 security professionals worldwide about their security infrastructures. The results show that enterprise security lags dangerously behind the level of attacks it must protect against: most businesses are only at Gen II or Gen III of security.
With early generations of attacks, it was effective to simply add a new security product for every new type of attack. However, this point-solution approach no longer works. Enterprises end up with a security estate comprising 15-to-20 security products working in detect-only mode: these cannot prevent attacks, and they also absorb a huge amount of management time.
The result is that typical point solution IT security infrastructures cannot protect against the current generation of attacks, as highlighted by a key survey finding: that 31 percent of our sample using consolidated security architectures identify and remediate attacks 20x faster and at 1 percent of the cost compared with those using point, best-of-breed security products.
Gen V security is needed
Businesses must build a plan to move from their Gen II or Gen III point solution security deployment to a Gen V security infrastructure. Gen V security is advanced threat prevention that uniformly prevents attacks on a business’ entire IT infrastructure with single-console central management for administration, monitoring and response. This not only protects against Gen V attacks but also is built using an infrastructure where businesses are able to easily add security capabilities as threats and IT environments evolve.
Gen V security is marked by the following advancements over prior security generations:
- Consolidates prior generations of security of next-generation firewall, sandboxing, bot security, endpoint security and other controls into a single unified architecture.
- Shares current threat information in real time throughout the architecture and across all vectors.
- Prevents advanced Gen V and first occurrence of new attacks; does not allow infections to start.
- Extends prevention of advanced attacks to cloud deployments, endpoints and mobile devices as part of the single, unified architecture.
- Centrally manages, monitors and responds to all security activities and events as a single, unified system.
This fully consolidated cybersecurity architecture protects business and IT infrastructures against Gen V mega cyber-attacks. It resolves the complexities of growing connectivity and inefficient security, and provides real-time threat prevention against known and unknown threats, leveraging the most advanced threat prevention and zero-day technologies. Automatic threat intelligence sharing across all networks, endpoint, cloud and mobile, delivers consistent security, sealing gaps across the entire enterprise network. It’s also easier to manage, via a single pane of glass.
The evolution of cyber-attacks and cybersecurity over the past 30 years has been rapid, and is still accelerating. Today, the security deployed by businesses is at a concerning inflection point because most IT security infrastructures are only at the Gen II or Gen III level of security, which cannot cope with advanced Gen V attacks.
To resolve this problem, we must counter Gen V attacks with Gen V security: advanced threat prevention that uniformly prevents attacks on a business entire IT infrastructure. This approach will firmly close the security generation gap – and ensure it stays closed.
Nick Lowe, Regional Director, Northern Europe for Check Point
Image Credit: Pavel Ignatov / Shutterstock